Context
We need a SourceOS Agent Machine contract that captures the Docker Machine-style / Podman Machine-style workspace pattern for Mac, Windows, and Linux hosts while preserving SourceOS/SociOS plane separation.
This is not just a devcontainer. It is the contract for an inception workspace:
host OS -> agent machine VM -> agent container -> mounted repo worktree -> governed agent shell / agentplane evidence.
It must align with the existing SourceOS contract-layer role of this repository.
Scope
Add v0 schemas and examples for:
AgentMachineProfile — host adapter, VM provider, container runtime, mounts, secrets, network policy, agent tool bundle, and evidence settings.AgentWorkspaceMount — repo mount model with read/write, read-only, cache, and secrets-prohibited semantics.AgentToolSurface — Codex, Claude Code, OpenCLAW/OpenClaw, local shell, and future provider slots as governed capabilities, not ambient tools.AgentMachineFingerprint — host, Podman machine, container, repo, git ref, mounted paths, policy hash, and tool versions.- Examples for macOS/Apple Silicon, Windows/WSL or Windows-hosted Podman, and Linux-native profiles.
Acceptance criteria
- Schemas use existing SourceOS schema conventions and stable URN style.
- Examples validate against the schemas.
- The profile explicitly distinguishes host plane, VM/machine plane, container plane, repo/worktree plane, user plane, and agent plane.
- The contract forbids mounting host secrets by default.
- The contract supports shared code folder mounts but requires explicit path allowlists.
- The contract includes an evidence/fingerprint requirement for every launch.
- README or schema catalog is updated.
Validation commands
Use repo-native validation if present. Otherwise include at least:
python -m json.tool examples/agent-machine-profile.macos.example.json
python -m json.tool examples/agent-machine-fingerprint.example.json
Non-goals
- Do not implement Podman commands here.
- Do not add platform-specific installer code here.
- Do not add secrets, tokens, credentials, private keys, or device-specific values.
- Do not claim production isolation guarantees beyond what the v0 schema can express.
Context
We need a SourceOS Agent Machine contract that captures the Docker Machine-style / Podman Machine-style workspace pattern for Mac, Windows, and Linux hosts while preserving SourceOS/SociOS plane separation.
This is not just a devcontainer. It is the contract for an inception workspace:
host OS -> agent machine VM -> agent container -> mounted repo worktree -> governed agent shell / agentplane evidence.
It must align with the existing SourceOS contract-layer role of this repository.
Scope
Add v0 schemas and examples for:
AgentMachineProfile— host adapter, VM provider, container runtime, mounts, secrets, network policy, agent tool bundle, and evidence settings.AgentWorkspaceMount— repo mount model with read/write, read-only, cache, and secrets-prohibited semantics.AgentToolSurface— Codex, Claude Code, OpenCLAW/OpenClaw, local shell, and future provider slots as governed capabilities, not ambient tools.AgentMachineFingerprint— host, Podman machine, container, repo, git ref, mounted paths, policy hash, and tool versions.Acceptance criteria
Validation commands
Use repo-native validation if present. Otherwise include at least:
Non-goals